#24 Update modules/ROOT/pages/programming-languages/Go.adoc
Merged 2 years ago by huzaifas. Opened 2 years ago by jkelly.
jkelly/defensive-coding-guide master  into  master

@@ -137,12 +137,12 @@ 

  

  [source, go]

  ----

- ```golang

+ 

  name := r.FormValue("name")

  template := template.Must(template.ParseGlob("xss.html"))

  data["Name"] = name

  err := template.ExecuteTemplate(w, name, data)

- ```

+ 

  ----

  

  === 4. Protect yourself from SQL injections
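Review bot: the two removed ```golang / ``` fences are replaced by lines containing only a trailing space (`+ `) instead of being deleted, so each listing still renders with a blank first and last line and the file gains whitespace-only lines; drop the lines outright. In the listing itself, `template := template.Must(...)` shadows the imported `template` package with a local variable, which compiles but makes the following `template.ExecuteTemplate(w, name, data)` confusing to read; renaming the variable to `tmpl` would keep the example clear.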
@@ -151,10 +151,10 @@ 

  

  [source, go]

  ----

- ```golang

+ 

  customerName := r.URL.Query().Get("name")

  db.Exec("UPDATE creditcards SET name=? WHERE customerId=?", customerName, 233, 90)

- ```

+ 

  ----

  If using the db.Query() function instead, ensure you sanitize the user’s input first, as above. 
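Review bot: same whitespace-only replacement line as in the previous hunk (`+ `); delete it rather than leaving an empty line inside the source block. The listing also passes three arguments (`customerName, 233, 90`) for only two `?` placeholders in the UPDATE statement, which `database/sql` rejects at runtime with an argument-count error; either remove `90` or add a third placeholder so the parameterised-query example runs as written.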

  
@@ -167,18 +167,18 @@ 

  [source, go]

  ----

  

- ```golang

+ 

  w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")

- ```

+ 

  ----

  

  You might also want to specify the server name in the TLS configuration, like this:

  

  [source, go]

  ----

- ```golang

+ 

  config := &tls.Config{ServerName: "yourSiteOrServiceName"}

- ```

+ 

  ----

  Of Note: It’s always a good practice to implement in-transit encryption even if your application is only for internal communication. Imagine if, for some reason, an attacker could sniff your internal traffic. Whenever you can, it’s  always best to raise the difficulty bar for possible future attackers.
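Review bot: both `+ ` lines again leave a line with a single trailing space inside the `----` blocks; remove them entirely. While touching this listing, `w.Header().Add("Strict-Transport-Security", ...)` appends a second value if a handler or middleware already set the header; `Set` is the usual call for a single-valued header like HSTS.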

  
@@ -202,18 +202,18 @@ 

  Go doesn’t have exceptions. This means that you’d need to handle errors differently than with other languages. The standard looks like this:

  [source, go]

  ----

- ```golang

+ 

  if err != nil {

      // handle the error

  }

- ```

+ 

  ----

  

  

  Also, Go offers a native library to work with logs. The most simple code is like this:

  [source, go]

  ----

- ```golang

+ 

  package main

  

  import (
@@ -223,7 +223,7 @@ 

  func main() {

  	log.Print("Logging in Go!")

  }

- ```

+ 

  ----
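Review bot: the replacement lines for the removed fences in the error-handling and logging listings still carry a trailing space (`+ `); delete them so neither listing starts or ends with a blank line and the diff introduces no trailing whitespace.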

  

  
@@ -241,7 +241,7 @@ 

  ==== Further Reading

  

  

- * https://github.com/Binject/awesome-go-securityhttps://github.com/Binject/awesome-go-security   

+ * https://github.com/Binject/awesome-go-security

  * https://owasp.org/www-pdf-archive/Owasp-171123063052.pdf

  * https://github.com/securego/gosec

  * https://tutorialedge.net/golang/secure-coding-in-go-input-validation/

rfc/remove markdown from code block

1 new commit added

  • Update modules/ROOT/pages/programming-languages/Go.adoc
2 years ago

Pull-Request has been merged by huzaifas

2 years ago